Where, really, is the perimeter of the enterprise? There is only one universally correct answer to that question: “I don't know.” That, of course, poses problems when trying to defend it. One theory is that the perimeter is wherever you want it to be. For example, if you are a bank with an online banking system, you certainly want a perimeter to protect that service. But, even then, where is the perimeter? The front-end web service is open to the Internet – or the service wouldn't work – and it is connected to a back-end database. So, is the perimeter the web front-end or somewhere between the web server and the database server?
What about a completely perimeterless enterprise? That has been suggested by those who believe that encryption could do away with the perimeter as we think of it currently. In its place, each device or application would have its own perimeter in the sense that it would be inaccessible without the required crypto key. Nothing on the enterprise would travel or be stored in clear text. That, unfortunately, poses a lot of application challenges. Many applications simply would break under those conditions. The answer might be to tack on a front-end translator that consumed the crypto key and then, in some manner, granted access. That is the basic scheme behind Kerberos but even that relatively mature technique requires applications to be “Kerberized.”
As one might expect, there is a limited number of innovative players in this space so finding good candidates for this year was a bit of a challenge. Still, it is a sparse category, all the more disturbing because of the need for a flexible, scalable approach to protecting the perimeter wherever it happens to be. In years past we have had incumbents in this category that have moved off to the Hall of Fame – in fact, we have one this year – but that does not make the challenges any less serious.
We think that this category likely is going to be in flux until the architectural issues surrounding enterprise design in a hybrid world are solved. When that might be, we are not prepared to speculate but one thing that we know for sure: the cloud has changed the ballgame materially. Not because of the cloud per se… that is nothing more than a business and marketing construct with little technical basis.
However, the way the cloud is being used is the game changer. Even the architecture of the cloud is evolving to support application development and efficient implementation. So, the cloud is not just for storage anymore. It's becoming the alternative environment for the organizational enterprise and application development. And that, unquestionably, will redefine what we mean by the perimeter and how we defend it.
| Flagship Product | skwiid (skwiid In-Network) |
| Price | A range of dedicated high-speed HW probe appliances are available: $1,000 - $46,000. |
| Innovation | Pervasive monitoring across the enterprise regardless of the type of endpoint. Effective use of sensors, analytics and enrichment data to create threat analysis that actually is useful to incident responders in near real-time. |
Among the innovations from this company are reversing of mobile malware – a unique proposition not often seen – bringing the network and mobile endpoints together and, rather than handing off data to the user, this innovator actually enables an incident responder to use the data intelligently. Additionally, Cyber adAPT has excellent tentacles into the computer underworld enabling it to obtain malware samples, adversarial campaign structures, etc. This lets them take the output of their research and translate it into something useful for the customer.
The company has grown to nearly 50 people, good growth from last year that demonstrates sustainability. Skwiid, their monitoring platform, was introduced in May of this year and it certainly will define the company's roadmap going forward. Part of the innovation for Cyber adAPT is its threat-centric approach. Because skwiid is looking at the data stream, it gets a very clear picture of events at the endpoints interacting with the rest of the enterprise. By correlating with profiles of known attacks and other enriched threat-centric data, skwiid is able to identify malicious behavior in near real-time.
The growth of the company and its increasing number of alliances with companies such as Dell attest to its staying power. Prior to its acquisition of MAD we watched that innovator closely as well. Merging technologies such as this doesn't always work but in this case it was just the right move. We see this as one of the defining innovators in perimeter defense in a cyber world where the definition of “perimeter” is fuzzy at best.